Software Installed by the Cisco Unity Server Updates Wizard in 2010

Revised January 18, 2011

Caution Wizard development related to Cisco Unity 4.x and Cisco Unity Connection 1.x has ceased as of July 27, 2009 and March 12, 2009, respectively. For more information, see the Cautions at the end of the
"Servers on Which the Wizard Can Be Run" section.

This document lists the Microsoft updates that are installed automatically when you run the Cisco Unity Server Updates wizard. The following information is provided for each update: the update number, related Knowledge Base article ID, severity rating, and Microsoft document title. For more information on an update, refer to the Microsoft website.

In addition, this document lists the version of Cisco Security Agent for Cisco Unity that the Cisco Unity Server Updates wizard can optionally install.

On the second Tuesday of each month, Microsoft releases its list of new security updates. We review the list and, if the updates are sufficiently important, create a new wizard. (On average, we create a new wizard about every two months.) The new wizard contains the existing updates from previous wizard versions and the new updates that are applicable to the supported versions of the following software on any of the Cisco Unity-related servers:

•Windows Server 2003

•Windows 2000 Server

•SQL Server 2005 and SQL Server 2000

•SQL Server 2005 Express and MSDE 2000

•Exchange Server 2003

•Exchange 2000 Server

•Internet Explorer

This means that you need to run only the latest wizard version to get all of the updates that are currently recommended for use with any of the applicable servers.

Running the Server Updates Wizard

To ensure the best possible security for the third-party applications installed on Cisco Unity and Cisco Unity-related servers, we recommend that you do the following tasks once a month:

1. Download the latest Cisco Unity Server Updates wizard.

Go to the Voice and Unified Communications Downloads page at http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240. In the tree control on the Downloads page, expand Unified Communications Applications > Voice Mail and Unified Messaging > Cisco Unity, then click the latest version of Cisco Unity and browse to the Microsoft Updates download page.

Note To access the software download page, you must be logged on to Cisco.com as a registered user.

2. During nonbusiness hours, log on to the server from the console or by using a VNC viewer. Other remote-access applications are not supported.

3. If you plan to install a new version of Cisco Security Agent for Cisco Unity on a server on which it is already installed: Uninstall the existing version and restart the server before you run the Server Updates wizard.

Note Beginning in January 2010, the Server Updates wizard installs version 3.1(7) of the Cisco Security Agent for Cisco Unity.

4. If you uninstalled Cisco Security Agent for Cisco Unity version 3.1(5) or earlier in Task 3. and if the Cisco Unity server is running Windows Server 2003: Check the status of the Windows firewall and, if it is enabled, disable it. In some configurations, uninstalling Cisco Security Agent for Cisco Unity version 3.1(5) or earlier causes the Windows firewall to be enabled, which causes Cisco Unity to function improperly.

5. If you are running the wizard on a Cisco Unity server: Use the Cisco Unity tray icon to stop the Cisco Unity software.

6. Stop antivirus services, if any.

Note If you plan to skip installing a new version of Cisco Security Agent for Cisco Unity on a server on which it is already installed, the Server Updates wizard automatically stops the agent before installing the updates.

7. Run the wizard, and follow the on-screen prompts to install updates for the software installed on the server. At the end of the wizard, choose the option to restart the server.

Progress information displayed by the individual updates is sometimes inaccurate. Do not assume that an apparent lack of progress is an indication that the installation of an update has failed. (The wizard saves detailed installation logs to C:\WINDOWS\SUWlogs.)

8. Restart antivirus services, if any.

9. Repeat Task 2. through Task 8. on the remaining servers on which the wizard can be run.

Servers on Which the Wizard Can Be Run

The Cisco Unity Server Updates wizard can be run on the following Cisco Unity and Cisco Unity-related servers:

•In a Cisco Unity Voice Messaging configuration, you can also run the wizard on dedicated Exchange servers and domain controllers/global catalog servers.

Caution Wizard development related to Cisco Unity 4.x has ceased as of July 27, 2009, as documented in the "End of Software Maintenance Releases Date" milestone in the
EoS and EoL Announcement for Cisco Unity 4.x document at
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5745/ps2237/end_of_life_notice_cisco_unity_version_4x.html. The Cisco Unity 4.x support policy for Microsoft service packs and updates allows the installation of all Microsoft updates when they are released. Although using the Cisco Unity Server Updates wizard to install the updates may continue to work, we are no longer testing the wizard with Cisco Unity 4.x. As a result, if you encounter any problems with the wizard, Cisco TAC will not be able to help you resolve them. For the Cisco Unity 4.x support policy for Microsoft service packs and updates, see
Supported Hardware and Software, and Support Policies for Cisco Unity 4.2 and Later at
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/support/42lsupp.html.

Caution Wizard development related to Cisco Unity Connection 1.x has ceased as of March 12, 2009, as documented in the "End of Software Maintenance Releases Date" milestone in the
EoS and EoL Announcement for Cisco Unity Connection 1.x document at
https://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5745/ps6509/prod_end-of-life_notice0900aecd806c3d64.html. The Connection 1.x support policy for Microsoft service packs and updates allows the installation of all Microsoft updates when they are released. Although using the Cisco Unity Server Updates wizard to install the updates may continue to work, we are no longer testing the wizard with Connection 1.x. As a result, if you encounter any problems with the wizard, Cisco TAC will not be able to help you resolve them. For the Connection 1.x support policy for Microsoft service packs and updates, see
Cisco Unity Connection 1.x System Requirements, and Supported Hardware and Software at
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/1x/requirements/1xsysrq.html.

Only English-Language Versions of Updates Provided

The Cisco Unity Server Updates wizard contains only the English-language version of Microsoft updates. Therefore, you can use the wizard to update a server only when Windows was installed in one of the following ways:

•By using the Platform Configuration discs that are included with a Cisco Unity server purchased from Cisco.

Note Windows Server 2003 Platform Configuration discs include the Microsoft Multilingual User Interface, which allows you to localize the Windows user interface into the languages supported for use with Cisco Unity.

•By using a retail, English-language Windows disc.

You cannot use the Cisco Unity Server Updates wizard to install Microsoft updates when a localized version of Windows was installed on the server. If you installed a non-English-language version of Windows, we recommend that you use another process to download and install the Microsoft updates listed in this document (for example, Windows Automatic Update).

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

December 2010

–MS10-101, KB 2207559 (Important), Vulnerability in Windows Netlogon Service Could Allow Denial of Service

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

July 2010

–MS10-042, KB 2229593 (Critical), Vulnerability in Help and Support Center Could Allow Remote Code Execution

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

April 2010

–KB 948496, An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers

In addition, when this version of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

In addition, when version 3.0(3) of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

Wizard Version 3.0(2), December 2009

In addition, when version 3.0(2) of the wizard is run on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.

–MS09-004, KB 959420 (Important), Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution. (KB 959420 is the main article for this update. However, in the Add or Remove Programs control panel, the application is listed as "Security Update for SQL Server 2000 Service Pack 4 and MSDE 2000 (KB960083)".)

–MS09-003, KB 959239 (Critical), Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution. (KB 959239 is the main article for this update. However, in the Add or Remove Programs control panel, the application is listed as "Security Update for Exchange 2000 Server (KB959897)".)

After you install MS07-026, Cisco Unity may not be able to deliver voice messages to subscribers whose Active Directory accounts belong to one or more administrative groups. For information on a workaround, refer to the tech note Cisco Unity for Exchange Cannot Deliver Messages to Some Subscribers After MS06-019 or MS07-026 Is Installed at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_tech_notes_list.html.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.